Direct security operations supporting one of the largest banks in the United States. Responsible for all cyber security operations including security operations, incident response, logging & monitoring, data protection (including for AI), cryptography, vulnerability management, customer identity and access management, and red team operations.

Manage technology and cyber risk management teams supporting a Fortune 50 organization critical to the US housing market with over $21B in revenue.

Brought a technology mindset to risk. Hired to build a technology team to manage technology risk. Hired technology talent to assess and reformulate how risk is reviewed within technology organizations.- Result: 2x reduction in time spent assessing technology by risk teams and 5x reduction in time needed from technology teams to assess.Guide and Consult technology teams in risk. Brought into a regulatory project that lacked clear scope and plan. Challenged regulators to define a clear scope, and guided technology teams to project plan would lead to a high probability of success.- Result: Reduction and agreement on scope, and clear expectations for technology teams to execute.Developed a devops and engineering mindset to risk. Much of risk was run ad hoc or at best as waterfall. Established scrum-ban type approach to work management and partnered with engineering teams to approach risk management obligations through engineering PI planning.- Result: Led to improved partnership and decreased unplanned work within engineering functions.Engaged engineering teams as equal. Coming from an engineering background, challenged engineering teams from day one and brought a higher expectation to risk reporting in engineering environments and especially cloud environments.- Result: Established risk metrics for cloud environments and challenged existing metrics for accuracy and scope to improve the visibility into the technology risk management posture.Continuous Assessment mindset. Created a roadmap that would redefine ‘risk assessment’ to align with things like cloud, infrastructure as code, and auto scaling workloads. - Result: Started partnering with risk leadership to steer overall risk strategy to an engineering and technology mindset when assessing risk posture of technology areas.

Lead multiple US architecture, security, and engineering teams of over 40 engineers for US segment of top 50 global bank with over 100k employees and over $45B in revenue.- Maintain previous responsibilities.- Lead technical security resource and liaison- Responsible for developing and leading the Security Architecture program for the US.- Develop and lead the Cloud Governance team and the design and implementation of security and governance in the BBVA US' multi-million dollar public cloud presence.- Leading the Cloud Security Operations team to develop controls and respond to threats.- Oversight and workstream lead for both PCI and all technology implementation related to the integration of BBVA systems with Google Pay (project shutdown midstream)- Lead and manage the enterprise service bus (ESB) teams and other middleware teams for the BBVA US Online Banking Platform as well as other integrated systems going through the ESB.- Oversight and consulting related to the cloud technology aspects of shutting down and decommissioning the ventures/subsidiaries related to the acquisition of the bank.- Collaborated on the architecture for data archival related to decommissioning (related to acquisition) a large cloud technology presence

Reporting to the Chief Technology Officer (CTO) and responsible for creating the security architecture and cloud governance programs for BBVA US.- Established the first Security Architecture program that grew to assessing thousands of projects per year.- Created and matured a world class cloud governance program, focused in AWS, and setting BBVA US on a path to be best of class in public cloud adoption.- Identified $500k (~15%) of cost reduction in public cloud spend within the first 6 months- Built an architecture team that grew from 1 to over 10 security architects and analysts and developing paths for non-traditional security and non-security roles to become valuable architects

Reporting to the Chief Information Security Officer (CISO) responsible for defining and managing security architecture, incident response, and security life-cycle of projects.- Collaborate with various teams to review, design and architect applications and systems that are deployed. - Responsible for the strategy, roadmap, and implementation of security assessments including vulnerability and penetration testing for the enterprise. This includes defining information requirements to ensure that forensically sound information is available for investigation and analysis, working with teams to ensure the proper tools are in place to gather critical data, and working with vendors to engage in testing. - Responsible for Incident Response for high priority security incidents. This includes managing and coordinating resources across teams and departments as well as communicating risk and status to executives. I led and responded to incidents such as WannaCry and NotPetya.

Reporting to the CEO and COO, responsible for leading engagements with clients and managing client relationships.- Lead penetration testing and vulnerability assessment engagements as well as security audits for client networks. I helped build and improve our managed services practice as well as the hosted SIEM application. During my tenure, I worked with one of the largest cities in the US, a number of the top 100 law firms in the US, global architecture firms, energy and utility companies as well as a number of large healthcare companies.The engagements with which I worked helped clients to reduce risks and improve their security programs. I was involved in all of the aspects that help keep organizations secure. This included:- Security Auditing- Risk Assessments- Vulnerability Assessments- Penetration Testing- Security Metrics and Monitoring- Policy and training- Security Program Development- Incident Response and Forensics

I held the role of security analyst charged with managing Data Loss Prevention and email security and encryption. I planned and implemented DLP and email encryption for an enterprise of 1200+ users in over 50 branch offices across the country. I was also responsible for improving the defense-in-depth of web security and client security utilizing enterprise security applications through management of IDS/IPS devices as well as web application vulnerability assessments.Also as the SharePoint architect Mr Alaniz spearheaded efforts to plan and migrate the existing SharePoint infrastructure to SharePoint 2010. Mr. Alaniz revamped the HR onboarding process through SharePoint to include automated workflows and dashboards to track talent through the onboarding pipeline.Additional duties included performing some functions of application development management with regard to production web applications and databases. This included deploying code, making changes, and providing some management of on going projects.● Managed hosted IDS/IPS devices and coordination projects associated with web application scanning and vulnerability scanning● Managed and maintain Cisco IronPorts for email security and encryption and data loss prevention● Business Process consulting to lines of business as it pertains to new SharePoint projects● Application management and development for production web applications and databases● Spearheaded efforts to plan and migrate the existing SharePoint infrastructure to SharePoint 2010● Responsible for code deployment to production web application● Managed ongoing security related projects

In this role, I continued many of the responsibilities as a Technical Consultant. I implemented SharePoint 2010 for a large healthcare organization with 5 hospitals in the system and over 10,000 employees. In this engagement, I installed and configured a 5 server SharePoint 2010 farm. This particular phase was focused on a policies and procedures document center. Within this Document Center he created a number of solutions to business problems that included features of SharePoint such as Content Types, custom workflows, and Information Management Policies.I designed and developed solutions based on a client’s business and technical requirements. I delivered preliminary architectural designs for prospective client opportunities involving SharePoint 2010. I was responsible for the overall architecture, implementation and configuration of the companies’ SharePoint Site(s). I also worked with the various teams to improve the overall site designs as well as offer technical sales support to inside and outside sales teams. I acted as an adviser to developers, consultants, and users with regard to configuration and administration of SharePoint 2010.● Responsible for planning, architecting, installing and configuring SharePoint 2010● Added greater role in consulting and architecting solutions internally and externally with SharePoint 2010● Implemented five server SharePoint 2010 farm for a large healthcare organization with five hospitals and over 10,000 employees● Designed and implemented a SharePoint Document Center to manage policies and procedures for the healthcare system● Delivered a solution that was simple, robust, and scalable by utilizing SharePoint Content Types, Workflows, Information Management Policies, and other “out-of-the-box” functionality.

I led the team for CTS Internal IT. In this position, I was responsible for oversight of daily help desk support, project planning and implementation, maintenance of the CTS IT Infrastructure, management of vendor relationships, and working with the management team to maintain CTS' long-term IT goals. I spearheaded efforts to migrate CTS to a virtualized environment internally in order to reduce costs and improve administrative efficiency.I began my career at CTS while finishing my last semester of college at UAB. I was responsible for daily break/fix help desk support for CTS as well as for addressing basic level service requests for clients in the SMB space for the IT Outsourcing group at CTS.I received several promotions through my career with progressively more responsibility. I gained valuable experience leading several projects to implement new services and infrastructure for clients including network configuration, server infrastructure and other Microsoft products. During this time I began to work closely with client stakeholders to define requirements and manage expectations.I eventually took on a leadership role within the IT outsourcing team providing oversight and assistance to other team members. I also began to provide input on project assessment and design as well as implementation of complex projects including clients with multiple physical office locations.